Free Malware Removal Forum

Hello, and good evening! I'm posting on behalf of my sister. Yesterday, her computer became slow and riddled with popups. I installed Avast! and had it run a boot time scan. It only deleted a few generic adware things; nothing too serious. However, it seems to have uncovered something deeper, because more popups seemed to be showing up. Also, Avast! has been complaining of "Win:32 Trojan-gen" and "Win32:Crypt-DDH". Along with this, a box has come up with the following and won't go away:

"Server Busy" This action cannot be completed because the other program is busy. Choose "Switch To" to activate the busy program and correct the problem.

There are three buttons, "Switch To", "Retry", and grayed out "Cancel".

Afraid it was 'calling home' to something I don't want, I've unplugged it from the internet. Any help would be much appreciated. And please don't mind the odd time on the log, she intentionally changed the date on her computer. (Silly sisters)

You need to temporarily disable Avast before running this procedure. If you're unsure how you disable Avast, have a look here

1) Download and Run ComboFix

Visit this webpage for download links and instructions on how to properly run ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Make sure you install the Recovery Console as instructed beforehand.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time and can be a lifesaver later.

Once installed, you should see a blue screen prompt that says: The Recovery Console was successfully installed.

Run ComboFix as instructed by the tutorial. When ComboFix is finished running, a log will be opened. Include this log in your next reply.

Enable Avast again now

2) Rename HiJackThis and post a new log

HiJackThis needs to be renamed because an infection is preventing it from giving a complete log

You have HJT located here: C:\Program Files\Trend Micro\HijackThis

Go to that folder and rename HiJackThis.exe to JazzAttack.exe or another name of your choice other than HiJackThis.exe

Launch HiJackThis (if you have a shortcut on your desktop, this shortcut will no longer work, so launch HJT directly from its own folder)

Optional removal: Viewpoint

You have Viewpoint Manager installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is considered foistware since it is installed without the user's approval. Anything that is installed without your consent is suspect.

If you wish to uninstall Viewpoint, go to Add/Remove Programs and uninstall the following:

Viewpoint Media Player

Optional removal: WeatherBug

WeatherBug is a system tray icon that offers weather information and includes built-in ads. It is considered foistware as most people who have it installed got it installed because it was bundled with other software without their knowledge. The standalone installation of WeatherBug has also been known to come bundled with unwanted software.

I recommend you uninstall it, and if you want to keep a weather service application running on your computer, look into finding an alternative with a much better reputation, like one of these:

Weather Pulse
Weather Watcher

To uninstall WeatherBug, go to Add/Remove Programs and uninstall the following entry:

WeatherBug

Optional removal: Entry in trusted zone

Having a site in your trusted zone means this site has full access to your computer. This isn't recommended unless it's absolutely necessary to make the site work. I recommend you run the fix below, but this is up to you. If something you use on that site stops working for you, you can re-add it to your trusted zone later.

If you wish to avoid being logged out of all websites you're currently logged into, make sure Cookies are unchecked for the web browser(s) you use. Internet Explorer is located under the Windows tab, other browsers are located under the Applications tab

Click the Run Cleaner button at the bottom right of the window

Click Yes at the prompt and let the cleaner finish

Note: If there is more than one user account on this computer, run CCleaner using this procedure on all other user accounts as well

At the end, make sure a checkmark is placed next to:

o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware

Click Finish

If an update is found, it will download and install the latest version

Once the program has loaded, click Check for updates

Select Perform full scan, then click Scan to start scanning

When the scan is complete, click OK, then Show Results to view the results

Make sure that everything is checked, and click Remove Selected

When completed, a log will open in Notepad. Include this log in your next reply

Note: If you for some reason lose the log, it can be retrieved manually from this location:

C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Enable Avast again after this step

Outdated Java

Your version of Sun Java is outdated. I strongly recommend you update it as some of the most widespread malware installs itself by exploiting security holes in Java.

Here's a tool that will help you uninstall all old versions of Java. This is a lot quicker than uninstalling them manually one by one.

I've read through the instructions and everything seems straightforward. However, I won't have access to the computer until tomorrow evening. Thank you for your patience, and I'll try to get back to you soon!

One question though, Avast! seems not to be starting automatically at startup. Do you think uninstalling/reinstalling would fix this problem?

Did you remember to enable Avast again after running the fixes above? If not, launch Avast, right-click on the blue Avast icon in the bottom right of your screen next to the clock and choose "Start On-Access Protection". If this does not solve the problem then yes, re-installing is probably the quickest way to solve the problem.

Firewall warning: You have Windows firewall disabled and I see no signs of a 3rd party firewall on your computer. I strongly recommend you enable the firewall unless you have a good reason not to. To do so, do the following:

Press the windows key and the R key at the same time to open the Run dialog box

Type in firewall.cpl and press Enter

Turn on the firewall and press OK

Do you recognise this as something you use?

C:\program files\music_now

If you do, skip step 1.

1) Delete malware files

Go to Start->Run

Type control folders and press enter

A control panel should now open.

Select the View tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide extensions for known file types option.

Uncheck the Hide protected operating system files (recommended) option and click Yes at the warning prompt.

Click Apply

Click OK

Now locate and delete the below folder:

c:\program files\music_now

If you are unable to find or unable to delete this folder, let me know

Empty the recycle bin

2) Download and run SUPERAntiSpyware

Download SAS from here (use the link 'from authors site'), and install the program using default settings

When prompted about installing updates, click Yes

You can skip email registration and homepage protection

The program should auto-start after the installation. If it doesn't, there will be a shortcut on your desktop that you can use to launch it manually

In the main window click Preferences to launch the configuration window

Under the General and Startup tab uncheck Start SUPERAntiSpyware when windows starts

Your logs are clean, well done! Unless you have discovered new problems it's time to do the final steps.

1) Cleaning up after the removal procedures

1.1) Uninstall through Add/Remove Programs

Press the windows key and the R key at the same time (the windows key is usually located two to the left of the space bar and is labeled with a windows logo)

A dialog box will open. Type appwiz.cpl and press enter

This will take you to Add/Remove Programs (optionally you can locate Add/Remove Programs through the control panel)

Locate and uninstall the below programs unless you want to keep some of them for future usage:

CCleaner
Malwarebytes' Anti-Malware
SUPERAntiSpyware

You uninstall by selecting the program and then clicking the button labeled Remove or Uninstall

1.2) Uninstall ComboFix

Press the windows key and the R key at the same time to open the Run dialog box

Type "ComboFix /u" (without the quotes) and press Enter

ComboFix will uninstall

1.3) Other deletions

C:\ComboFix (folder)
C:\ComboFix.txt
CFscript.txt (on your desktop)

Delete any other logs that remain on your desktop.

2) Taking measures to prevent your computer from being infected again

Now that your computer is free from malware you may want to know how you can prevent this from happening again. Below I'm quoting a tutorial I've written which I post to everybody I help here at MWR. It covers the key parts of the software side of computer security. What steps you take or don't take to increase your own computer's security is of course up to you. In purple I have added some comments that apply specifically to your computer. The tutorial will take a little while to get through, but I hope you find it to be worth your time. If you have any questions beyond this, feel free to ask.

2.1) Windows updates

This is the most important security measure. With an unpatched operating system you will be defenseless even with top-notch security software. Malware often exploits security holes in your operating system to install itself, and keeping your OS up to date at all times will make sure this risk is at a minimum.

Visit http://update.microsoft.com/ using Internet Explorer, and get all critical updates. You may have to repeat the update procedure several times before you get all updates. Repeat it until there are no more critical updates showing as missing. Also, I recommend you turn on automatic updates if you haven't already.

2.2) Immunization software

These security measures do not do any realtime scanning. All they do is block sites that host malware, sites that advertise for malware, malicious ActiveX objects, malicious browser helpers, and cookies that have been identified as bad. These protection measures have proven very effective against "internet related" threats and require virtually no computer resources.

- MVP hosts

Blocks roughly 25k online domains that host or advertise for malware. Will significantly reduce the chance of getting in trouble by accidentally visiting the wrong page.

Copy the file called "HOSTS" to the folder C:\windows\system32\drivers\etc

And say "yes" to overwriting the existing file

Delete the installation files from your desktop

Notes: If you have previously added custom entries to your own hosts file, these will have to be re-added after the new hosts file is installed. The MVP hosts file should be downloaded and re-installed every now and then to keep it up to date.

If you install MVP Hosts you should disable a service called "DNS client". If you don't, your browser(s) will use 10-60 seconds longer to start than what you are used to. Disabling this service will have no side-effects. Its purpose is to put domains in cache, but there is no noticeable increase in browsing speed. To disable the "DNS Client" service, do the following:

Press the windows key and the R key at the same time to open the run dialog box (the windows key is usually located to the left of the space bar and is labeled with a windows logo).

Type in "services.msc" (without the quotes) and press enter.

Right-click on "DNS client" and choose "Stop".

After the service has stopped, right-click on it again, choose "Properties" and set "startup type" to "disabled", press "Apply" and "OK".

When installing Spybot, be sure to uncheck "Security center integration", "Separate secure shredder application" and "use system settings protection (teatimer)". These features have more cons than pros.

Launch Spybot

Click "update" -> "check for updates" and install all available updates.

Click "Immunize" in the left menu and then "immunize" in the right-hand window to enable the protection. (this may take a couple of minutes to finish)

Note: The last two steps should be repeated from time to time to keep the protection up to date.

After immunization you will start to notice that on some pages advertisements are not displayed, instead it shows an icon indicating that an image couldn't be loaded. The reason for this is that the immunization is blocking the site that is hosting the ads because it has been found to advertise for malicious software. If you try to enter a website that is being blocked, the browser will simply say "the webpage could not be displayed".

2.3) Real-time protection

These security measures work in real time and scan computer activity as it is happening (anti-virus/anti-malware scans a file before it allows it to be opened, a firewall controls network traffic and blocks it unless you have allowed it to happen). This requires a lot of system resources, so what we are looking for is applications with good detection rate, low resource usage, that don't cause problems for legitimate applications. These are my recommendations.

- Anti-virus

Anti-virus software is meant to detect files infected with viruses and to detect worms, but also has anti-spy/adware capabilities. Here are three good, free alternatives (only free for non-commercial use).

Note: Never have more than one Anti-virus application installed. Installing a second one is likely to cause conflicts between the two and apart from making your system unstable it will reduce your security rather than increase it. Obviously, as you have one of these AVs installed already, your AV security does not need improving.

- Anti-malware

These applications are meant to supplement your antivirus as they are aimed specifically at detecting malicious programs. This can be displaying advertising (adware), track your internet surfing (spyware), give other people control over your computer (backdoors) and the like. Unfortunately, in the anti-malware department there aren't any great free alternatives like there are in the anti-virus department. If you want an anti-malware application worth using you'll need to purchase one. Here are three good alternatives:

Note: You can have more than one of these running at the same time, but I don't recommend it because it only gives a small increase in security while a big increase in usage of system resources.

- 3rd party Firewall

Modern operating systems and routers have firewalls built into them that control incoming traffic so the only reason to install a 3rd party firewall is to control outgoing traffic. Firewalls are different from other security software as it really is a tool you need to learn how to use, rather than an automatic security solution. An anti-virus application for instance you usually just install and then it runs in the background and only alerts you if something is wrong. That is not the case with firewalls. It will alert you whenever something tries to connect to the internet, whether it's good or bad, and then it's up to you to allow or deny the request. So ultimately you are increasing the security yourself with the help of the firewall.

If you want to have top notch security you need a 3rd party firewall and the knowledge of how to use it. This will be your last line of defense should something bad get through your immunization, and anti-virus/anti-malware protection. It enables you to prevent a trojan downloader from downloading malware to your computer should you end up with one, or prevent malware from sending personal information after it has collected it. Here are three good, free alternatives. They each have their own support forum that can help you learn how to set up and use their firewall.

This program is not strictly a security application, but gives you a lot more control over your computer. Like a firewall it's a tool you need to learn how to use. Basically it watches your system settings and alerts you if an application tries to change something. Then it's up to you to accept or deny this change. Its main purpose is to watch programs that add themselves to auto-start, but it also watches file associations, ActiveX objects and Internet Explorer helpers. Most programs do not need to be on auto-start, and the bad thing about auto-start is that it clogs down system resources. With WinPatrol you can easily detect and prevent when an unwanted auto-start entry is added, and this becomes an additional security layer because most malware will add itself to auto-start.

You can download WinPatrol from here

And here's a link to a place where you can get more information on how to use it

If you managed to read through all of that you're probably asking "do I really need that much security software?". That depends on what your computer is used for. I'd say that everybody who uses a computer on the internet today really needs the following:

- Windows updates (having all windows updates is more important than any security software)
- The immunization features in step 2.2
- Anti-virus

That's the minimum.

If you use your computer for financial transactions (online bank, web-shopping, etc) or have sensitive information stored on the computer, you should strongly consider buying an anti-malware app and get a 3rd party firewall to enhance security. If you like to use your computer freely and install a lot of different programs, use file-sharing applications and surf all over the web you should also consider enhancing security as you'll be more at risk for infections.

Finally, I will recommend you read this article called How did I get infected in the first place?

Some of the advice related to security software is a bit outdated, but the first part called "Safe Computer Practices" is still as valid and important as ever.

That's it. If you have questions or comments, please respond back and let me know. If you do not respond, this thread will be closed within 48 hours.
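The note in 2.2 about custom hosts entries being lost when the file is overwritten can be checked before copying the new file. This is an added example, not part of the original posts and not a tool used in this thread: it lists the names the current hosts file defines that the replacement does not, and separates names sent to a loopback/null address from names mapped to a real address, which should be reviewed before being re-added. The function names, hostnames and file contents are constructed for illustration.

```python
import ipaddress

# Addresses a blocking hosts file points unwanted domains at.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text, skipping comments and malformed lines."""
    entries = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:                 # one line may carry several aliases
            entries[name.lower()] = ip
    return entries

def plan_hosts_replacement(current_text, replacement_text):
    """Find entries that overwriting the hosts file would silently drop.

    Returns (blocked_only, mapped):
      blocked_only - names the user sinkholed by hand that the new file lacks
      mapped       - names pointed at a real address; review each before re-adding
    """
    current = parse_hosts(current_text)
    replacement = parse_hosts(replacement_text)
    blocked_only, mapped = {}, {}
    for name, ip in current.items():
        if name == "localhost" or name in replacement:
            continue                            # still covered after the overwrite
        (blocked_only if ip in SINKHOLES else mapped)[name] = ip
    return blocked_only, mapped

# Constructed sample: an existing hosts file and a replacement blocklist.
CURRENT_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 ads.example.test      # already blocked by hand
0.0.0.0   tracker.example.test
192.0.2.10 fileserver.example.test nas
203.0.113.7 update.vendor.example
not-an-ip something
"""
NEW_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 ads.example.test
127.0.0.1 malware.example.test
"""

if __name__ == "__main__":
    blocked_only, mapped = plan_hosts_replacement(CURRENT_HOSTS, NEW_HOSTS)
    for name, ip in sorted(blocked_only.items()):
        print(f"re-add (custom block): {ip} {name}")
    for name, ip in sorted(mapped.items()):
        print(f"REVIEW before re-adding: {ip} {name}")
```
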
